Post navigation

Toshiba Information Systems UK Ltd

What

How much

Why

A security fault in an online competition meant that the personal details of individuals who registered could be accessed by user other than the data controller.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that the data controller will obtain sufficient guarantees from the data processor that it will conduct appropriate web application security tests in relation to any web applications and that compliance with these guarantees are ministered.

Reason for action

It was felt that insufficient security testing had been performed on the web application intended for the competition, despite a written contract being in place between the data controller and data processor.